General

  • Target

    03102024_1529_Packing List, BL Checking documentation.zip

  • Size

    3.0MB

  • Sample

    241003-sw9alswcmf

  • MD5

    a6fab610f7d1e5e88adb68dd343faaab

  • SHA1

    20abbe63dd57b01f847a4d8a455af4d3dfe9cca1

  • SHA256

    ee658f00ccfb421e4ff25480cda250ebb0c13457e1ee6323280d9a7e3b5fe5d6

  • SHA512

    6eea6202fd0defb69aa52da69440898d5deccb189f2ee8e97686e0ba8998433a3193dc9ae72fd3008b824a0adc343546763895c0ef52984249794a80ea2a2b0a

  • SSDEEP

    49152:fGHcb+H8vVT/7W72hvXa2GHbsOC2v49dc9s8+7QHnyEIXrk3QRuKVVRX93rsNwx+:uHa+wc2hDGHIOC2Kb8+MnyE6k3kV3F9s

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.gmail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    xxbj tjbm mvbc oygi

Extracted

  • Family:
    agenttesla

Targets

    • Target

      Packing List, BL Checking documentation/BL, PL and Receipts.exe

    • Size

      811KB

    • MD5

      c6a83ae6709eab9d401bed7c0731c576

    • SHA1

      9d8d9c3f7166551f08f8522982fe6db49361d171

    • SHA256

      7ea54337b8801abed2803efac47a07eead6b8147d4e8510e90f8fb7a2e623faf

    • SHA512

      06f242833ad43ab29ee94abd25954acc5908dc0749d73fe3ce359344dc909a0d8f519199d7cd0cc3185f57f73e0d257c41444de49ab936cb76c840bb1a8652d5

    • SSDEEP

      12288:8mT6Fn+sUhCyZO4MUMoeHeS2bj/++oBM41tF9AEgedX4Viqa7N5ZYdkR:PeFn+dZOv+ebMj/0eOd8a7Nvd

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    • Target

      Packing List, BL Checking documentation/BLChecking.pdf

    • Size

      2.6MB

    • MD5

      fad36874ff0a6792b7afc542c3fbaf91

    • SHA1

      fa1c1b8f04b84564471b0dbde2b46f045d334be1

    • SHA256

      af5680454ba5d8e0ff8867ca338e7e6853fe21c9e9195b7e94a425f7757c27f2

    • SHA512

      b22f7afc0f14b3e8f116d48ea012e9fa452e54731018c4a65632bcedaf39e334fa9b3c9826086d15bef146d14b74d3a1eb9987dff3885aedf3a02b7d8da44265

    • SSDEEP

      49152:1OAnOw8SsiP8hnv2vq56lEEmSvPdjTWmLgM/Zhe2ir+qbaypVK6YU79TFc0F7:1OAOJiP85156lBmMjp7e1pc6XRxc0B

    Score
    3/10
